Microsoft Greenlights Gag Order Lawsuit

Citing free speech, Microsoft and Google proceed with lawsuits against the government to allow the companies to publicly divulge more information about FISA requests for user data.

Microsoft says it plans to move ahead with a lawsuit filed against the U.S. government in June to affirm the right of businesses to disclose limited information about government demands for data made under the Foreign Intelligence Surveillance Act (FISA).

In separate legal filings, Microsoft and Google challenged the gag order that typically accompanies FISA demands for customer data. The two companies asserted that they have a First Amendment right to publish the total number of FISA requests received and the total number of user accounts covered by such requests.

Microsoft general counsel Brad Smith said in a blog post on Friday that six times in recent weeks, Microsoft and Google have agreed to extend the deadline for the Department of Justice to respond to the companies' respective lawsuits, in the hope of reaching some accommodation. But, Smith said, the negotiations have ended in failure.

On Thursday, the Office of the Director of National Intelligence offered what the U.S. government presumably believes is an acceptable compromise: It agreed to release "the total number of orders issued during the prior twelve-month period" once each year, covering FISA orders and National Security Letters.

James R. Clapper, Director of National Intelligence, defended the limited provision of information as necessary to defend the U.S.

Smith considers this single, aggregate total inadequate, noting that the public deserves to know more and that the Constitution guarantees the right of companies and individuals to make reasonable disclosures.

"[W]e believe it is vital to publish information that clearly shows the number of national security demands for user content, such as the text of an email," Smith wrote. "These figures should be published in a form that is distinct from the number of demands that capture only metadata such as the subscriber information associated with a particular email address. We believe it's possible to publish these figures in a manner that avoids putting security at risk."

The status quo puts online technology companies at risk. Small technology companies such as LavaBit and Silent Circle have shut down or stopped specific services because of their inability to deliver secure communication services when the U.S. government can demand secret access. Larger technology companies like Google and Microsoft face the challenge of courting cloud computing customers when competitors abroad don't have to dispense customer data to U.S. authorities on demand.

For U.S. companies, being forced to surrender data without being able to attest to the limited scope of such demands promotes mistrust among potential customers. The Information Technology and Innovation Institute, a technology think tank, recently projected that U.S. cloud service providers, because of their inability to provide meaningful privacy protection, could lose between $22 billion and $35 billion to competitors in Europe over the next three years.
